1. Technical Field
This disclosure relates generally to access control of assets in a data processing system and more specifically to access control by trust assertion using hierarchical weights.
2. Related Art
As dynamic partnerships become more prevalent within and among data processing systems, a method for accurately determining trust for unknown partners becomes a requirement. Modern technologies such as Services Oriented Architecture implementations have become pervasive, enabling unknown partners to use services provided for sharing. Typically, there is no secure method of determining the trust or worthiness of a potential services supplicant who does not have a close relationship with the service provider. A close relationship is typically defined as one in which a trust distance of one is maintained. The trust distance in this case refers to the distance between the two parties.
The close proximity then leads to one of two scenarios. In a first example, an unknown supplicant is only granted access to a very restricted set of services. In a second example, an unknown supplicant is granted access to a wider set of services that may be inappropriate. Each example leads to an undesirable balance between security and capability. In the first example, the supplicant may be unnecessarily restricted from access to needed information as a cautious response to the situation. In the second example, the reverse happens: access is granted to too much information because accurate trust information is not available.
Typically, trust can only be accurately granted to supplicants with one degree of trust separation, a trust distance of one. When the separation between the requester of access to an asset and the approver of the request or asset owner becomes more than one degree, typical systems do not respond well. Distributed systems typically maintain central control over asset access, with requesters being registered directly with the central control mechanism.